tabbsomat
Forum Replies Created
-
Forum: Reviews
In reply to: [Authorizer] block internal authenticationThank you Paul, I’d still be happy to get that feature. 😉
Of course, once restricted to external authentication there’s no way to authenticate without having the external data source available – that is exactly my expected behavior.
On the other hand: WordPress Administrators chosing LDAP as Directory always should be able to find their ways to bypass WordPress and to fix potential issues with their directories.
Regarding the password hashes: Accidently created local users have valid hashes. As long issue 89 hasn’t been implemented I continue to run a regular job checking for changed hashes in the database and updating them to a unusable one.
Thanks again and have a nice day,
Thomas- This reply was modified 6 years, 4 months ago by tabbsomat.
Forum: Reviews
In reply to: [Authorizer] block internal authenticationThank you, Paul, for your quick response.
Our users authenticate with user name, only, omitting the domain part. I have concerns about the password hash stored in WordPress for users from the directory….Besides of that: there’s always a risk that admin users create ordinary wordpress users accidently or intentionally. It is difficult do differentiate between these users and those from the directory. I want to have it clear: local users should be ignored.
I like the strict behavior of the simple ldap plugin in this case. Since that plugin has not been maintained for a while it has become incompatible to current versions of WP. Hence I have started to research for more recent ldap plugins. The Authorizer seems to fit best so far 🙂